Write a simple "biochemistry crisis 4" modifier in C + +

The idea is relatively simple, the implementation method is not difficult, I would like to say here about the process:
♦ Use Cheatengine or similar memory search tool to locate the memory address of the value to be modified;
♦ Determine the number of bytes of the value to be modified;
♦ Elevate the Privilege (privilege) of the modifier process itself;
♦ Find and open the target process, get the target process handle;
♦ Read the value on the target process memory address;
♦ Writes the value to the memory address of the target process;

The first and second step is not the scope of this article, we start from the third step;

From Windows Vista, Microsoft introduced a new security mechanism, if a process does not have sufficient permissions, is unable to read or write the contents and information of another process, and we want to do the memory modifier needs to read and write the memory of the other process, so you have to improve the modifier process itself permissions;
Each newly-started process is assigned an Access Token, which contains a list of Privilege, the Privilege list describes what privileges the process has, and if we want to read and write to another process, you can add a Debug to the modifier process Privilege, this Privilege allows our process to debug and adjust the memory of another process, is Microsoft dedicated to the debugger open Privilege, just can be used for us;
Privilege contains two attributes, one called name, is a string representation of the privileged name, a called LUID, to ensure the local uniqueness of the privilege, to adjust the process privileges, you need to first obtain the name of the corresponding Luid,lookupprivilegevalue ( ) function can query a Privilege Name corresponding to the Privilege LUID;
Open the process's Access Token through the OpenProcessToken () function, then populate the query into the Privilege LUID to a specific struct, and then through the struct, call the AdjustTokenPrivileges () function to adjust the input Process privileges, and now that the processing privileges have been adjusted, let's look at the following code:

Next, we want to find and open the game process, the current situation is this, we only know the game's EXE file name, but we need the game process handle, for this, we can through the Win32 SDK API provided by the Tool Help library inside the function to achieve;
First, call the CreateToolhelp32Snapshot () function to create a snapshot of the process, and then use the Process32First () and Process32Next () functions to enumerate all the processes, and the two functions return a PROCESSENTRY32 struct, which contains the EXE file name of the process being enumerated and the process ID, we can get the ID of the process by comparing the EXE file name of the process, the code is as follows:

With the process ID of the game, we can open the game process through the openprocess () function and get the process handle of the game, preparing for the last two cloths, as shown in the code:

OK, everything is ready, only owed the East wind, our final step is to read and write the memory data of the game process through the readprocessmemory () function and the WriteProcessMemory () function, where the memory, specifically, should be virtual memory, that is, the so-called 4GB of memory, which is Microsoft's own definition, Windows stipulates that any process has its own virtual memory, at run time will be the virtual memory mapped to real physical memory;
Therefore, when we open the game process, we need to specify the Process_vm_operation, Process_vm_read and Process_vm_write three flags, to explain to the system that our intention is to operate and read and write the game process of virtual memory content;
Memory read and write operations require four parameters, process handle, memory address, data content, data size (the number of bytes), process handle has, memory address and data size we have identified in the first step (laughter), so we just need to confidently write the following code:

The following code reads Leon's blood volume, Maximum blood volume, and amount of money in the game:

The following code writes values to the game Leon's blood volume, Maximum blood volume, and amount of money:

Finally, I use the dialog box to simply do an interface program, let's take a look at the final results diagram:

When the game was just running, Leon's blood levels were not loaded, so they all showed 0;

After New Game, Leon's default blood volume and maximum blood limit are 1200, and there is no money;

Kill a crow, pick up the PTS, the modifier displays the PTS, the data is correct;

After being attacked by the first enemy in the game, 630 blood was left, and then the enemy was beaten up by angry Leon and died in the streets.

But the enemy's sacrifice was only wasted, because I clicked on the "Full HP" button, and Leon recovered to the state of blood, my blood was full, and you, but never stand up;

Then I clicked on "PTS + 2000", even without going to the battlefield, to get a lot of money reward;

Write a simple "biochemistry crisis 4" modifier in C + +